Sr. Software Engineer, Sensor - Anti-Tampering/SSP (Hybrid) in Sunnyvale, California at CrowdStrike, Inc.
Explore Related Opportunities
Job Description
Full time
R29408
As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. We work on large scale distributed systems, processing almost 3 trillion events per day and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We're proud to work for a mission-driven company leveraging AI to transform the way we work. CrowdStrikers drive their careers through flexibility and autonomy while also being expected to contribute to a culture of responsible AI adoption, experimentation, and innovation. We use an AI-first mindset as a force multiplier to proactively and continuously accelerate execution, build expertise, uncover insights, and solve complex problems. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.
About the Role:
CrowdStrike's Sensor Security Platform (SSP) team is building up a dedicated Sensor Anti-Tampering engineering team to protect the Falcon sensor against adversary subversion. The Falcon sensor runs on millions of endpoints — and is a high-value target for sophisticated threat actors who seek to disable, evade, or degrade endpoint protection as a precursor to their attacks.
This role exists at the intersection of offense and defense: you will think like an adversary to protect one of the world's most widely deployed security agents. You will design and implement tamper-resistance, tamper-detection, and tamper-response capabilities that ensure the Falcon sensor remains operational and trustworthy — even when an attacker has elevated privileges on the endpoint.
The Anti-Tampering domain spans all major OS platforms: Windows, macOS, Linux. While no single engineer is expected to be expert across all platforms, you will bring deep OS and systems expertise on at least one, and develop cross-platform perspective as part of the team.
What You'll Do:
Design, implement and own sensor anti-tampering capabilities — including tamper prevention, tamper detection, and tamper response mechanisms
Collaborate with CrowdStrike's adversary intelligence, red team, and product security groups to stay ahead of emerging anti-EDR tradecraft
Partner with our threat analysts to understand adversary techniques targeting EDR agents (e.g. unhooking, driver manipulation, process termination, credential abuse, policy subversion) and develop mitigations against them
Reason about and enumerate the sensor's attack surface on your platform(s) of expertise, identifying gaps in tamper-resistance coverage
Contribute to cross-platform anti-tampering architecture — ensuring consistency of guarantees while respecting platform-specific realities
Write code in C/C++ and in CrowdStrike's internal domain-specific languages (you will be trained in the DSL; it is event-driven, asynchronous, and used extensively in the sensor's detection and response logic)
Write unit, functional and integration tests — including adversarial test cases that simulate tamper attempts
Participate in security design reviews for new sensor features, advising on tamper-resistance implications
Diagnose and respond to production escalations related to sensor tampering — including ProdSec and customer-reported issues
What You'll Need:
Deep systems programming expertise on at least one major platform (Windows, macOS, or Linux) — particularly in areas relevant to security agent protection: kernel interfaces, driver frameworks, process/memory protection, system service architecture
Ability to reason adversarially: understand how an attacker with local admin or root privileges would attempt to disable or evade a security agent, and design defenses accordingly
Strong C/C++ skills and comfort working in large, complex codebases
Ability to design and implement solutions that are both security-hardened and production-safe (anti-tampering must not compromise system stability)
Ability to reason about, describe, and communicate the security properties and assumptions of complex systems
Experience shipping security-critical software where correctness and reliability are non-negotiable
Ability to work effectively in a distributed, cross-timezone team with complex subject matter expertise
Proven experience utilizing AI technologies to enhance decision-making, streamline workflows and processes, improve efficiency and drive business outcomes.
Bonus Points:
Direct experience with anti-tampering, self-protection, or agent-hardening at another EDR/endpoint security company
Experience with Windows kernel development (minifilters, callbacks, protected processes, Secure Boot/ELAM, ETW)
Experience with macOS system extensions, endpoint security framework, or kext development
Experience with Linux security modules, eBPF, or kernel module development
Reverse engineering or vulnerability research background
Red team or offensive security experience (understanding attacker tooling that targets EDR)
Familiarity with hypervisor-level security or ESXi agent architecture
#LI-CW1
Benefits of Working at CrowdStrike:
Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
Vibrant office culture with world class amenities
Great Place to Work Certified™ across the globe
CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.
CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.
If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.
Find out more about your rights as an applicant.
CrowdStrike participates in the E-Verify program.
Notice of E-Verify Participation
CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $140,000 - $215,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.For detailed information about the U.S. benefits package, please click here.